Nighthawk X10 R9000 AD7200 not blocking devices

Running Windows 10 pro

Firmware V1.0.4.12

Model AD7200

Ok, so I bought the super-duper, all singing and dancing, bells and whistles, Netgear Nighthawk X10 R9000; having read the blurb and believing it would put paid to interlopers piggybacking on my Wi-Fi. But it doesn’t, or so it would appear? I followed Netgear’s website instructions as best I could: the problem being they’re written by Techos for Techies, whereas I need someone holding my hand. Anyhow, I opened the Netgear Genie, clicked ADVANCED > Security > Access Control, ticked the box: 'Turn on Access Control.' I’d already switched on all the Wi-Fi gear under my roof; TV, Phones, P.C’s, etc., so they were already listed in the Genie. I clicked on, ‘Allow all new devices to connect,’ and put a dot in the circle. I then check marked all my gadgets and clicked on ‘Apply.’ Hey Presto, all my gadgets connected. I then clicked the radio button against the ‘Block all new devices from connecting,’ before scrolling down the page to the section headed, ‘View list of blocked devices not currently connected to the network.’ There, I listed all the MAC addresses and device names of the interlopers, and pressed ‘Apply.’

Now I don’t know if I missed anything on the way, though my input seemed quite reasonable and logical to me, but I still see listed interlopers on my Windows Network? So the question is: have I got it wrong?

Re: Nighthawk X10 R9000 AD7200 not blocking devices

Q1. Can we get back to basics and get from you an explanation of what you are trying to achieve?

A1. What I’m trying to achieve is a setup that allows my devices to connect wirelessly to each other, and or the outside world, but prohibits any other outside devices from using the infrastructure, ergo, Wi-Fi piggybacking interlopers.

Q2. If you have set it to "Block all new devices from connecting" why are you trying to add MAC addresses to a block list?

A2. I didn’t try to add MAC addresses, I succeeded in adding them, because the system isn’t only geared for it; it calls for it, or so it appears to me? As already stated, when I first configured the Nighthawk, I switched on all Wi-Fi devices I expected it to govern: under the banner of ‘Allow all new devices to connect.’ And then, having pressed ‘Refresh,’ they all appeared. Later, while most of my devices were switched off, and I again accessed the Netgear Genie, I noticed that the original list of my connected devices (I don’t know what that particular field/section is called, as it doesn’t have a heading?) had shrunk; the majority of them then appearing below in the field/section headed, ‘View list of allowed devices not currently connected to the network.’ Under the circumstances, this all seemed very reasonable, as all my devices appeared in one list or the other. (There is one device however, that since the initial setup, has appeared among my ‘allowed’ running devices, following a refresh and subsequent refreshes. It appears to be constantly on. Consequently, not recognising its I.P. address, or MAC details, I have blocked it in that field/section.)

Assuming the Genie means, ‘from that point on,’ I then thought it reasonable to block all new devices from connecting. Following that, scrolling down the page, I looked at the field/section headed, ‘View list of blocked devices not currently connected to the network.’ Now I’m led to believe that any device conforming to the 802.11ac standard, and demanding Wi-Fi, will be granted it from the nearest like device. I also believe the Nighthawk supports the 802.11ac standard and I further believe that not only is the Wi-Fi signal under that standard, directed specifically in the direction of a demanding device, it’s also increased. As the piggybacking Wi-Fi interlopers, I’m plagued with, appear randomly: none visible on line during the initial setup, and therefore not configuring among my recognised devices where I could have blocked them, I assumed, as there is nothing to say otherwise, and there is a button saying, ‘Add,’ that they needed to be added at that point; a sort of belt and braces. That aside however, as previously stated, security seems to be failing on the Nighthawk, as I’m still seeing interlopers on my network.

Re: Nighthawk X10 R9000 AD7200 not blocking devices

Q1. Can we get back to basics and get from you an explanation of what you are trying to achieve?

A1. What I’m trying to achieve is a setup that allows my devices to connect wirelessly to each other, and or the outside world, but prohibits any other outside devices from using the infrastructure, ergo, Wi-Fi piggybacking interlopers.

Once you have your router set up with all local devices connected, it will build its own list of allowed stuff. By telling it to Block all new devices from connecting this will deny access to everything unless you add it manually to the allowed list.

I'm afraid it will take someone more expert in this stuff to understand the rest of your message. It isn't obvious to me that the router is not doing what you want.

Re: Nighthawk X10 R9000 AD7200 not blocking devices

Even late 2018, it's still very unlikely anyone will ever piggyback on your network with WPA2 security enabled.

Very few exceptions, when your network security key became well known, or when you continue using the same SSID and security key after using a vulnerable router before (like one prone to the WPS KEY testing).

Managing "trusted devices" based on MAC addresses is becoming a pain with a growing network size.

Re: Nighthawk X10 R9000 AD7200 not blocking devices

First of all, I want to say how much I appreciate all the time and effort folk are putting in to help me. Second, to try and explain my situation a little better, I have compiled a couple of illustrations. (See attachment 1)

(A) Is, so far, an Unidentified Foreign Object
(B) Are good guys
(C) Are good guys sleeping
(D) Are the Baddies I want off my range.*

* I once thought Mediatek was a baddie, till this morning when my wife happened to turn on her mobile phone, just as I ‘refreshed’ the Nighthawk. Mediatek immediately disappeared from Baddies and showed up (as blocked) in group (B).

So, just to recap: When I first set up the Nighthawk and with the ‘Allow all new devices to connect’ highlighted, I turned on all my devices and all the good guys configured in group (B). They were also, the only devices to appear anywhere on screen. I then ticked all the boxes down the left hand side, clicked on ‘Allow’ and then ‘Apply’. Later, as previously said, list (B) split, becoming (B) and (C). I assumed, at that point, that my logged devices were now secure and that changing from ‘Allow all new devices to connect’ to ‘Block all new devices from connecting’ wouldn’t affect their status and only affect those attempting to join from that point on. As none of the bad guys had appeared during setting up and thus far, but knowing they would at some stage, and having previously created a database, logging their device names, MAC Addresses, time of day and duration, I compiled list (D). Despite having taken these measures though, I still see Baddies on my network? (See attachment 2.)

What I also don’t understand is, whenever I catch a glimpse of these invading devices in my network folder (See attachment 2), and having the Netgear Genie open I hit ‘refresh,’ the device fails to register anywhere in the Genie? And it may only appear briefly in my network folder, say just long enough to send a text, before disappearing again.

I hope this information proves useful and look forward to seeing what anyone makes of it.

Thanks again, Geoff Coates

Re: Nighthawk X10 R9000 AD7200 not blocking devices

Again, re-think on why suspect intruders are able to join the network. Best guess: They know your SSID shared security key, the password. Or it was configured and allowed one day, e.g. while people visited you. Potential weakness in the past of a previous router which was vulnerable to WPS PIN testing (it was not difficult to scan 0000...9999 and get the shared secret configured)? Potential weakness of a previous or the current set-up permitting some unwanted admin access, unveiling the security key?

Re: Nighthawk X10 R9000 AD7200 not blocking devices

I was hoping, through my last post, that I’d given better insight into my situation, but obviously it needs more input from me. So here’s some recent history to help clarify certain factors. Up until mid July, past, I’d been served by a BT., Home Hub 4 and with due care and attention everything had run smoothly. However, some of my gadgets, gizmos and devices were beginning to show their age and needed updating. Consequently, I built a new desktop to my own specification, bought a new 4K laptop, TV, Blu-ray and DVD player; all needing WI-FI. As I deem the Home Hub, possibly, incapable of handling the extra overhead, I also upgraded that to a BT., Smart Hub 6A, and increased my Broad Band width. For my sins I’m running up-to-date versions of Windows 10 pro on my Desktop and new Laptop, and 8.1 on an older laptop, that is sort of sentimental to me. All three of these devices have Windows Networking icons on their desktops. It was while setting up my home network through the new Smart Hub, which is a modem-router, that I one day noticed a stranger on board. Being virtually obsessed with security, I changed both Hub Admin and SSID passwords almost as soon as the device was unpacked; despite claims from the supplier (like Netgear) that the security it came already installed with, was the real deal. Furthermore, I don’t leave passwords lying around: I have a password manager, so even I don’t know what passwords are; they’re locked away in the manager’s vault and kept on a flash drive that is also password protected. That password also isn’t written down, so, unless I talk in my sleep…. I also steer clear of flaky WEP setups. Likewise, other than the devices that I’ve set up, nobody gets to use my network. As for hacking the passwords, the author of the software claims that even using the latest technology it would take over ten years. Nonetheless, I’ve changed passwords a couple of times since installation.

I took up the interloping problem with BT., my I.S.P; fighting my way through their front line of inadequate professionals, finding eventually that other than switching the WI-FI off in the Smart Hub, there’s no way of preventing it. BT., boast of having over five million ‘Hot Spots,’ Nation wide and it’s chumps like me providing the service! Anyhow, that’s another story for another day; except to say that I then went out and bought the Nighthawk, the Smart Hub relegated to a cute modem. Despite this though, I still see these intruders occasionally on my network? The strange thing is, having now become more familiar with the Nighthawk, they never appear on that; not in Access Control, nor the Logs. They only ever appear under Windows Network? And if I have Network windows open on all three of my pc’s, running simultaneously, interlopers may appear on one, or two, but never all three. Sometimes I can see different interlopers at the same time, on different screens, but not, as said, on the Nighthawk? Therefore, I’m inclined to think that rather than being a Nighthawk issue; it not recognising them, it might be something connected with the Windows O/S?

As I need to get to the bottom of this, if only for peace of mind, I shall investigate further and keep you updated with any findings.

Re: Nighthawk X10 R9000 AD7200 not blocking devices

It was while setting up my home network through the new Smart Hub, which is a modem-router, that I one day noticed a stranger on board.

This seems to be the core issue. (I think we can safely ignore the rest.)

Add that to this bit:

@geoffemm3rd wrote: The strange thing is, having now become more familiar with the Nighthawk, they never appear on that; not in Access Control, nor the Logs. They only ever appear under Windows Network?

and we have another clue.

I am not sure what the question mark is doing at the end of that. If you are saying that is what happens, then one possibility is that these alien invaders are no such thing.

Windows is quite capable of finding devices that people do not recognise. For example, it can show things like mobile phones with more than one entry. These may be real devices on your network, it is just that you haven't worked out what they are.

Have you looked up the MAC addresses for the "suspicious" devices in your list? What you have labelled as "Austin" is from Amazon Technologies Inc.

My suspicion is a severe case of paranoia.

@geoffemm3rd wrote: .....other than switching the WI-FI off in the Smart Hub, there’s no way of preventing it. BT., boast of having over five million ‘Hot Spots,’ Nation wide and it’s chumps like me providing the service!

You may need to read a bit deeper. I don't allow BT to use my HomeHub as a hot spot for the rest of the world to use, even though this is a harmless thing to do. (At the moment I have two VDSL Internet services on BT, one with a Homehub, the other with a Netgear modem and a Netgear router, plus a bunch of Orbi kit.) Then again, I blocked this so long ago that I have forgotten the details. Try the BT user forum.

....I then went out and bought the Nighthawk, the Smart Hub relegated to a cute modem.

I am not familiar with the latest BT hubs, but older models do not allow that "modem only" mode of operation. It is not possible to turn off the router in the same way that you can change the mode of Netgear's modem/routers. You can jump through various hoops to disable things, but once again, the BT forum is the best place to chew over that issue.